http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No.

2; 2018

Impact of a Practical Flowcharts Approach on Educating the Control

Risk Assessment
Mohamed A. Wahdan1
1
Assistant Professor of Accounting, Accounting Department, Faculty of Commerce, Menoufia University, Egypt.
Correspondence: Mohamed A. Wahdan, Assistant Professor of Accounting, Accounting Department, Faculty of
Commerce, Menoufia University, Egypt.

Received: December 5, 2017 Accepted: January 1, 2018 Online Published: January 4, 2018
doi:10.5430/afr.v7n2p1 URL: https://doi.org/10.5430/afr.v7n2p1

Abstract
The assessment of a control risk is a difficult task which has to be learned over the years. Experience is a good
teacher in this respect. So, education guided by experience may be expected to be fruitful. The purpose of this paper
is to develop practical flowcharts (PFs) to assist in educating the novices the assessment of control risk and to present
the results of validation of PFs approach in classroom. The main research questions examined in the paper are: (1)
how can the PFs be developed to help students and novice auditors assess the control risk? And (2) to what extent is
using PFs effective as a tool to improve the education of assessing the control risk? To answer these questions,
adequate field work and experiment were performed. The knowledge is acquired (a) from the literature and (b) from
experienced auditors. The findings of the paper indicated that the conceptual model of PFs is successfully designed
consisting of eleven submodels and ten PFs. Moreover, using a PFs approach is an effective tool to improve the
education of assessing the control risk, i.e., the learning performance of students significantly improved via the PFs
assignment. From the results of the validation, it may be concluded that the conceptual model of PFs provides a vital
contribution to the auditing literature and the application of it constitutes a new education method of auditing.
Keywords: Control Risk, Practical Flowcharts Approach, Auditors, Education
1. Introduction
The auditor’s assessment of acceptable audit risk is a key element in the auditing process. Control risk is one
component of the audit risk model. The composition of a control risk assessment is a difficult task which has to be
learned over the years. Experience is a good teacher in this respect. So, education guided by experience may be
expected to be fruitful. Furthermore, one approach to improve auditing education is to employ a practice set within
the curriculum (Fanning and Grant, 2017). To assess the control risk, the auditors should obtain an appropriate audit
evidence to be able to draw reasonable conclusions on which an assessment is based. Audit evidence has been
obtained from tests of controls, substantive procedures or an appropriate mix of them (IFAC, 2010). According to
Arens et al. (2014) and Wahdan (2006), there are two audit approaches: (1) the control approach: the auditors focus
on the examination of the internal controls to reduce the amount of substantive tests they perform, and (2) the
substantive approach: the auditors do not take into account the internal controls and focus their analysis directly on
the amounts represented in the financial statements.
Standard unqualified audit report loses some credibility when it is combined with an adverse report of entity-level
internal controls over financial reporting as alleged by some users (Asare & Wright, 2012; Defond and Lennox,
2017). Furthermore, the firms with material weaknesses of internal control under SOX section 404 are more likely to
receive going concern opinion (Jiang et al., 2010) and may be associated with both lower accruals quality and less
accurate management guidance (Doyle et al., 2007; Feng et al., 2009; Lenard et al., 2016; Amoal, et al., 2017; Ji et
al., 2017). Moreover, the quality of accounting information can only be guaranteed under effective internal control
(Li et al., 2012; Feng, 2017). Management in most companies is required to design and maintain an effective internal
control system and to make a report on the effectiveness of the internal control over financial reporting at the end of
year. Moreover, auditors in a public company are required to evaluate and attest to the management’s report on the
effectiveness of the internal control over financial reporting. Since 2004, larger public companies have been required
by the SEC to annually obtain an auditor’s report on internal controls over financial reporting (Lopez et al., 2006;

Published by Sciedu Press 1 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Institute of internal Auditors, 2008; Arens, et al., 2014; Romney & Steinbart, 2015). So, an auditor should be skilled
and trained in assessing the control risk.
In practice, the assessment of control risk in not based on objective rules or criteria but on professional judgment and
experience. Inexperienced auditors have difficulties in making this assessment effectively (Hwang et al., 2004).
Since company managers and auditors depend on the personal judgements approach during the stage of evaluating
the internal controls, this may lead to different company managers and auditors reaching different decisions on the
effectiveness of internal controls over financial reporting, depending on, among others, their experience and
expertise (Curtis & Hayes, 2002; O’Leary, 2003; Wahdan et al., 2009). Such an approach may be ineffective and
may lead to different auditors coming to different decisions, developing a personal bias, increasing/decreasing audit
scope, and/or giving misleading judgements (Wahdan, 2006).
This paper aims at (1) developing practical flowcharts (abbreviated as PFs) to facilitate (i) training by professors and
experienced auditors in assessing the control risk and (ii) the learning process of students and novice auditors in
assessing the control risk, and (2) investigating whether PFs approach is an effective tool to improve the education of
assessing the control risk. Of course, the knowledge in the PFs (that are applicable in practice) should be in
accordance with ISA 330 (The Auditor's Responses to Assessed Risks), ISA 400 (Risk Assessments and Internal
Control), COSO 2013, and with common practice. The training materials should focus on the audit assessments and
relevant procedures that help in assessing the control risk. Two main research questions examined in this paper are:
(1) how can the PFs be developed to help students and novice auditors assess the control risk? And (2) to what extent
is using PFs effective as a tool to improve the education of assessing the control risk?
The paper focuses on both the education of students to a qualified level the assessment of the control risk and the
design of the PFs that will help the education process in many ways (Wahdan & Van den Herik (2011). Below, it is
mentioned six of them.
(1) PFs will help reduce the time required for students and novice auditors to acquire the experiences needed to
assess the control risk
(2) PFs will support the training of students and novice auditors [Changchit, 2003]. It will provide them with
structured knowledge on the assessment of control risk.
(3) PFs will improve the education in such a way that the control risk complies with the ISA, COSO requirements
and the practical auditing settings (which differ from country to country).
(4) PFs will properly encode and arrange all the knowledge associated with the control risk; it organises personal
judgements and improves decision consensus as well as audit quality.
(5) PFs can be considered as a foundation to design software such as knowledge-based system to help students and
novice auditors assess the control risk and to support the experienced auditors as a second opinion (Wahdan,
2006).
(6) PFs can be considered as an efficient technique being more readily and understandable than other techniques,
such as textbooks, and tabular presentation (Groomer & Heintz, 1999).
(7) PFs can provide with the requirements of an effective system of internal control and may enable management to
eliminate ineffective, redundant or inefficient controls (COSO, 2013).
The conceptual model of PFs focuses on the assessment of control risk, which seeks to determine internal controls’
reliability. To assess the effectiveness of the internal controls for planning audit evidence, auditors need to perform
eleven activities: (1) understanding internal controls, (2) evaluating the management integrity, (3) examining
documents and records, (4) evaluating control environment, (5) reviewing risk assessment, (6) investigating control
procedures, (7) reviewing information and communication, (8) walking-through of significant accounts, (9)
performing tests of controls, (10) monitoring and (11) assessing the control risk (COSO, 2013; Arens et al., 2014).
To assess the control risk, the results of all above activities should be collected in advance to assess the control risk.
The full model consists of eleven submodels that directly lead to the structure of PFs (as presented in section 4).
The outline of the paper is as follows. Section 2 reviews the related literature. Section 3 deals with the research
methodology. Section 4 presents the conceptual model to design PFs. Section 5 provides the results of an
experimental study carried out within one state university in Egypt. Section 6 provides the main conclusion,
contribution and limitations as well as points to future work.

Published by Sciedu Press 2 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

2. Literature Review
There are some studies related to auditing education and some tools used to improve the effectiveness of auditing
education. Here some studies that are related to internal controls, practical flowcharts, and other educating tools are
presented as follows.
Groomer & Heintz (1999) were the first to propose the use of flowcharts in teaching students many types of the audit
reports and the formulation of the auditor’s report. However, they based their course materials only on GAAS and
ignored the ISA as well as the common practice. They focused on the changes in some Statements of Auditing
Standards [SAS No. 79 (Reports on Audited Financial Statements), and SAS No. 82 (Consideration of Fraud in a
Financial Statement Audit)] that deal with the reporting issues.
Changchit, et al., (2001a) designed an expert system to help transfer control knowledge to management. The findings
of the study indicated that the expert system could help managers effectively and efficiently detect the weaknesses in
internal controls. Changchit, et al., (2001b) presented another study for the same purpose with results similar to the
former.
In 2004, Hwang et al. presented a prototype design support model called “CRAS-CBR” using case-based reasoning
to help auditors making their professional judgments on the control risk assessment of the accounting systems in the
manufacturing industry. The results of the experiment indicated that CRAS-CBR outperforms staff auditor
performance and a statistical model. However, this study depends only on a small sample size.
Wahdan & Van den Herik (2011) used a practical flowcharts approach to educate youngsters in the formulation of
the auditor’s opinion. Since the auditing standards provide only guidelines to apply the standards in practice, it is
believed that the knowledge required to build adequate PFs should be acquired not only from GAAS and ISA, but
also from the literature as well as from experienced auditors (who know how the auditing standards can be applied in
practice) through a questionnaire and interviews.
The study of Wahdan (2013) aims at modelling, implementing, and validating a knowledge-based system, called the
“Auditor’s Report on Internal Controls” (ARIC), that is capable of formulating the opinion on the effectiveness of
internal controls over financial reporting. The knowledge used by ARIC is acquired from the literature, and from
experienced auditors. Test cases are used to validate the ARIC performance. The findings of the study indicated that
ARIC is successful in achieving the task of evaluating the internal controls over financial reporting.
Marand and Bayaz (2015) purposed to discover the impact of computerized accounting systems on the auditing risk
management in listed firms of Tehran stock exchange. The results of the study indicated that the computerized
accounting system has a positive impact on the inherent risk in forms of reducing the internal control weakness,
reducing the risk of sampling related to tests of controls and providing with a suitable method to assess the inherent
risk.
In 2015, Han et al. dealt with the association between information technology (IT) and audit risk. They found that the
IT complexity generates challenges for auditors in evaluating the effectiveness of internal control and detecting
accounting irregularities. However, IT decreases the audit risk by improving operations and internal control
effectiveness which may decrease the inherent and control risks.
Apostolou et al. (2015) reviewed the literature regarding the theoretical and empirical research related to accounting
education and found that the articles are categorized into five sections including: (1) curriculum and instruction, (2)
instruction by content area, (3) education technology, (4) students, and (5) faculty. They also presented suggestions
for research in these areas.
In 2015, there were a lot of researches and experiments related to accounting education, for examples: Camp et al.
(2015) used alternative quiz formats to motivate students learning in a classroom intervention at one US University.
Furthermore, Ryack et al. (2015) explored the challenges of teaching GAAP and IFRS in the second intermediate
financial accounting course at two private universities in the US. Glover and Werner (2015) also devoted IFRS
course at Drexel University and presented alternative delivery options and the best practice. Moreover, McNellis
(2015) inspected the efficacy of alternative approaches for delivering statement of cash flows content across three
semesters at a public US University. Greenberg and Wilner (2015) developed a hierarchal concept map framework
for integrating concepts in a managerial accounting course. Jackson and Cossitt (2015) investigated whether usage of
online tutoring software could benefit intermediate accounting students with a weak knowledge of introductory
accounting. Aldamen et al. (2015) examined the effect of using recorded lectures on course performance and
attendance for first year students enrolled in a financial accounting course.

Published by Sciedu Press 3 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

In 2017, Davis et al. described a case approach for teaching internal control evaluation in sales and cash receipts
cycles using Excel spreadsheet tool. The case and spreadsheet application provide students an opportunity to deeply
understand and analyse the accounting processes, the internal controls, and the interrelationships between the
processes and controls. The finding of the study indicated that the students were significantly increased their abilities
to evaluate internal controls by completing the case (their average score increased from 44% to 62%).
In 2017, Fanning and Grant compared the manual and computerized practice set, which achieving the learning
objectives best. The findings of the study indicated that the computerized practice set decreases the time and energy
of the faculty and increases the faculty's ability to help the remote students. However, using a computerized practice
set that post the transactions in not beneficial to the student's retention of the knowledge about the accounting
process. The best scenario appears to be choosing the option for having students post the transactions.
It is remarked that previous studies ignored designing practical flowcharts to help learn the assessment of control risk
according to the literature and auditors' experiences. So far, educating the assessment of control risk using practical
flowcharts received little attention in the literature. To the best of the author's knowledge, previous research has
failed to deal adequately with the complexities of the task of assessing control risk in the auditing classrooms.
3. The Research Methodology
To achieve the research goal, a research methodology consisting of six phases was developed: (1) reviewing the
literature, (2) designing a questionnaire, (3) validating the acquired knowledge, (4) designing the PFs, (5) revising
the PFs, and (6) applying and testing the PFs in our auditing education at Menoufia University in Egypt. A sample of
34 experienced auditors in seventeen audit firms in Egypt participated in the survey (note: several international audit
firms are included and three auditors are from the Central Auditing Organization in Egypt). They cooperated in
exploring the auditing tasks to a large extent, in so far as they are required to assess the control risk. Below the six
phases are described in more details.
(1) A thorough literature review was performed for acquiring knowledge to assess the control risk.
(2) The questionnaire coupled with in-depth interviews was used to elicit the knowledge from 34 experienced
auditors in audit firms; the required knowledge focused on how the auditor performs the task of assessing the
control risk in practice. In order to acquire the audit assessments needed to assess the control risk and to answer
the first research question. The questionnaire consisted mainly of questions requiring a response on a five-point
Likert-scale (always, often, sometimes, rarely, never). The revised questionnaire was divided into 11 parts (based
upon preliminary interviews), each covering one submodel of the proposed flowcharts. Furthermore, when
performing structured interviews, the questionnaire was sent to auditors before the interviews. The 11 main
domains of questions that cover the procedures required to assess the control risk are presented in PFs (most of
the detailed questions and procedures, which have a high weighted Means are presented in PFs).
(3) The acquired knowledge was validated by letting the auditors review the results of the knowledge-acquisition
process. Disagreements among auditors were solved. The author chose a sample of experienced auditors to
decrease the disagreements among the auditor’s points of view and interviewed them individually. Then, if there
was still any disagreement, the leading expert made a final decision. For example, the sequence of questions to
evaluate the control procedures. Some auditors preferred to use weights for the control procedures such as
separation of duties is more important than safeguarding of assets. The flowcharts are modified to reflect the
auditors’ points of view. Moreover, It is noted that a high risk cannot be reached by simply having one ‘no’
answer out of many questions asked.
(4) PFs were constructed based upon the knowledge collected and elicited in the three phases above.
(5) Revision of the PFs was carried out by the auditors (academic and practitioners) to check the validation of the
PFs as a tool for assessing the control risk.
(6) Based upon the results of the revision and validation process in step five, PFs were enhanced. Subsequently, the
PFs were tested in the auditing classroom using ten test cases. 64 students from Menoufia University in Egypt
participated. Some feedback information was collected from auditing professors and students about the
developed PFs. Finally, findings, conclusion, limitations and suggestions for future research were established.
4. The Conceptual Model for PFs
The conceptual model of using PFs is illustrated in Figure 1. The main submodel of the assessing control risk is
considered as the output of other ten submodels. The other submodels are (1) understanding internal control, (2)
evaluating the management integrity, (3) examining documents and records, (4) evaluating control environment, (5)

Published by Sciedu Press 4 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

reviewing risk assessment, (6) investigating control procedures, (7) reviewing information and communications, (8)
walking-through of significant accounts, (9) performing tests of controls and (10) monitoring (Wahdan, 2006;
Wahdan, 2013, COSO, 2013, Arens et al., 2014; Lawson et al., 2017; Owusu-Boateng et al., 2017). These submodels
represent the stages of assessing control risk that cope with the approach applied by the Big-4 audit firms.

(2) Evaluating the (7) Reviewing

management integrity information and
communications

(3) Examining
documents and (8) Walking-through
records of significant
accounts
(1) (11)
Understanding (4) Evaluating control Assessing
internal control, environment control risk

(9) Performing tests

(5) Reviewing risk of controls
assessment

(6) Investigating
control procedures (10) Monitoring

Figure 1: The conceptual model for PFs

4.1 Submodel of Assessing Control Risk

The purpose of this submodel is to structure the process of examining internal controls and assessing the control risk
(CR), which seeks to determine reliability of internal controls and the amount of audit evidence required to support
the assessment of control risk. To assess the effectiveness of the internal controls for planning audit evidence,
auditors need to understand the key internal controls and assess the control risk. It is common practice that if the
auditors rely on the internal controls, they will reduce the amount of substantive tests, which they have to execute
(Arens et al., 2014). A common approach used by auditors, to determine the reliability of the internal controls,
consists of three stages: (1) obtaining an understanding of the internal controls at a detailed level, (2) assessing the
control risk and identifying the possibility of reducing it, and (3) testing the effectiveness of the internal controls. An
auditor may not conclude that the control risk is low before completing all these three stages (Locatelli, 2002; Guy et
al., 2003; Wahdan, 2013; Arens et al., 2014).
To complete the test of evaluating internal controls, the main submodel of assessing control risk distinguishes ten
submodels (see Figure 2). Figure 2 illustrates the steps required to evaluate the effectiveness of internal controls and
assess the control risk. Steps in Figure 1 are turned into Figure 2, but in particular sequence according to auditors’
points of view to firstly understand the internal controls, then to assess the control risk, and finally to test the
possibility of reducing the control risk. The arrows in Figure 2 indicate that the output from one of the submodels is
used as input for the other. For example, the output of the submodel of understanding internal controls forms the
input of the following submodels: evaluating management integrity, examining documents and records, evaluating
control environment, reviewing risk assessment, and investigating control procedures. The control risk model
assesses the proper control risk after collecting the outputs from all submodels (see figure 2). The auditor should
decide which level of assessed control risk should be used. If the auditor identifies the assessed level of control risk
as the maximum (internal control becomes less effective (Khorwatt, 2015), the conclusion should be documented.
However, if it is below the maximum, the bases and reasons of that conclusion should be documented (Guy et al.,
2003; Boynton & Johnson, 2006; Arens et al., 2014; Khorwatt, 2015).

Published by Sciedu Press 5 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Does understanding the internal controls

support the lower level of CR? F.3 No

Yes

Is the management integrity unquestionable?

F.4 No

Yes

Are there reliable documents and records? Disclaimer

No of opinion
Yes
Does management consider the internal controls important?
F.5
No
Yes

Does the reviewing risk assessment support the low

level of CR? F.6
No
Yes

Do the investigating control procedures support

the low level of CR? F.7
No
Yes

Does the reviewing information and

communication support the low level of CR? F.8
No
Yes

Do the results of walk-through of significant

accounts support the low level of CR? F.9 No
R. B4
Yes
Do the results of tests of controls support the low
level of CR? F.10
R. B4 No
Yes

Does the monitoring support the low level of CR?

F.11 No
Yes
Do
Yes compensation
controls
support the low
Assessing CR as low risk and level of CR?
documenting the basis of conclusion Assessing CR as high risk and
documenting the conclusion

Figure 2: The submodel of assessing control risk. F: Figure

4.2 The Submodel of Understanding Internal Controls

The purpose of this submodel is to provide an understanding of the control environment and accounting system
sufficient to set up the audit plan of financial statements (Guy et al., 2003; Boynton & Johnson, 2006; Arens et al.,
2014). They have to be concerned with the controls regarding the reliability of financial reporting to comply with the
second GAAS fieldwork, the SAS 78 (Lenard, 2003), the ISA 330, the ISA 400, COSO 2013, and Sarbanes Oxley
act (Krishnan & Visvanathan, 2007; IFAC, 2010; COSO, 2013). The SAS 78 and ISA 400 require the auditor to
obtain an understanding of the internal controls for every audit. In obtaining an understanding of internal controls,
the auditor should consider two issues; the design of controls and their placement in operation (Arens et al., 2014).
Auditors can use five procedures to evaluate the design of controls and placement in the operation: (1) updating and
evaluating an auditor’s previous experience with the company, (2) making inquiries of the auditee personnel, (3)
reading an auditee’s policy and systems manuals, (4) examining documents and records, and (5) observing the
company activities and operations (PCAOB, 2004; Arens et al., 2014).The transaction walk-through can combine
observation, documentation, and inquiry. The auditor selects a representative sample of documents for the initiation

Published by Sciedu Press 6 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

of a transaction type and traces them through the entire accounting process in the transaction walk-through (Ernst &
Young, 2002; Arens et al., 2014). Figure 3 illustrates the PF of understanding internal controls.

Does the previous experience with the entity indicate

that internal controls can prevent or detect
misstatements in the financial statements?

Is there an adequate documentation of the accounting

systems indicating an effective operation?

Is there an adequate documentation of the controls

procedures indicating an effective design of controls?

Does the examination of the documents and records ensure

that internal controls can prevent or detect misstatements?

Do the inquiries with client personnel ensure that

internal controls can prevent or detect misstatements?

Does the observation of the specific controls applied ensure

that control procedures have been placed in operation?

Does reading the client policy and the system manuals

ensure that internal controls can prevent or detect
misstatements in the financial statements?

Did the design of controls

provide the reasonable
assurance regarding
preventing or detecting
misstatements in the F.S.?

Understanding of internal control system supports Understanding of internal control system does not
the low level of control risk support the low level of control risk

Figure 3: Understanding internal control

4.3 The Management Integrity Submodel

The purpose of this submodel is to contribute to assess whether the financial statements are auditable. For example,
in figure 4, the management integrity is affected by many factors. Some factors indicate a lack of management
integrity, including the presence of one or a few individuals dominating management of the enterprise, improper
accounting system, improper internal controls, false earnings, poor reputation, taking unusual risks, considerable
turnover in senior positions, poor relationships with external auditors, and/or problems with customers, stockholders,
or employees. If management integrity is questionable, false representations cause the auditor to rely on unreliable
evidence. The management integrity is classified as a factor of business risk which affects the control risk (Khorwatt,
2015). Figure 4 illustrates the PF of evaluating the management integrity.

Published by Sciedu Press 7 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Did one or a few individuals dominate

management?

Was there proper accounting system?

Was there proper internal control system?

Did management want to show higher earnings?

Did management have a poor reputation in the industry?

Did management have a reputation for risk taking?

Was there a high turnover in internal accounting and auditing

personnel?

Did management cooperate with the external auditor to save

audit evidence?

Were there problems between the management and

customers, stockholders, and employees?

Were there indicators in the minutes of board of directors, which

show problems integrity?

Were the effects of

matter so material
to indicate
problems integrity?

Management integrity is Management integrity is

unquestionable questionable

Figure 4: The management integrity

4.4 The Submodel of Examining Documents and Records

The purpose of this submodel is to contribute to assess the adequacy of documents and records to help auditors
assess whether the financial statements are auditable, if the accounting records (source of the audit evidence) are
unreliable and/or inadequate, the audit evidence may not be accessible. Moreover, improper documentation process
provides opportunity to misappropriate the assets (Zakaria & Nawawi, 2016). When the auditor concludes that the
financial statements are not auditable, the engagement is withdrawn or a disclaimer of opinion is issued (Arens et al.,
2014) as illustrated in figure 2.
4.5 The Submodel of Control Environment
The purpose of this submodel is to evaluate control environment (management attitude). This evaluation is essential
for the preliminary assessment of the level of control risk (Hwang et al., 2004; COSO, 2013). Control environment
consists of actions, policies, and procedures that affect management attitudes with respect to internal controls. The
auditor should understand the control environment to assess the management’s attitude and awareness regarding the
controls importance (Colbert, 2000; Munter, 2003; IFAC, 2010; Institute of internal Auditors, 2011). If management
gives less attention to internal controls, the management’s control objectives will not be effectively achieved (Arens
et al., 2014), the control procedures may be unreliable and the control risk should be at the maximum. Figure 5
illustrates the PF of control environment. The auditor can use five procedures to understand and assess control
environment in the organization: (1) organization’s integrity and ethical values, (2) board of director’s independence,

Published by Sciedu Press 8 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

(3) responsibilities and authorities throw organizational structure, (4) competent individuals (5) accountability
(KPMG, 2013; Arens et al., 2014; Khorwatt, 2015; DEO, 2016).

Is the organization commitment to integrity

and ethical values?

Does the board of directors is independence from

management and exercises oversight of the
development and performance of internal control?

Does the management establishes organizational structure

and determine authorities and responsibilities in the
pursuit of objectives?

Does the organization committed to attract,

develop, and retain competent individuals in
alignment with objectives?

Does the organization hold individuals

accountable for their internal control
responsibilities for the pursuit of objectives?

Evaluation of control environment supports the Evaluation of control environment does not
low level of control risk support the low level of control risk

Figure 5: Control environment evaluation

4.6 The Submodel of Risk Assessment

The purpose of this submodel is to illustrate the steps of risk assessment and how this process affects the assessment
of control risk. In designing and operating internal controls to minimize errors and fraud, management identifies and
analyses the risks related to the preparation of financial statements in accordance with related accounting standards.
Once management identifies risks, it assesses the significance of those risks and its likelihood of occurring and
develops actions needed (manage risk) to reduce the risks to an acceptable level (Deshmukh, 2004; KPMG, 2013;
Arens et al., 2014). On the other side, the auditors assess risks to decide the evidence needed in the audit. Risk
assessment requires management to consider the impact of possible changes in its business and external environment
that may make internal control ineffective (COSO, 2013). The auditors’ assessment of the risk consists of three
stages (PCAOB, 2005): (1) Risk identification; the auditor estimates the expected risks in financial statements, based
on his understanding of the company, its industry and business processes. (2) Risk analysis; the auditor analyzes and
assesses how the risks identified might affect the financial statements. (3) Auditor response; the auditor decides how
to conduct the audit and obtain a high level of assurance that material misstatements in financial statements will be
detected. Figure 6 illustrates the PF of risk assessment.

Published by Sciedu Press 9 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Does the organization define its objectives with

sufficient clarity to enable the identification and
assessment of risks related to financial reporting?

Does the management identify risks and their

significance and likelihood of occurring as a basis
for risk management?

Does the organization take the potential actions for

reducing the risks to an acceptable level?

Risk assessment supports the low level of Risk assessment does not support the low
control risk level of control risk

Figure 6: Risk assessment

4.7 The Submodel of Control Procedures

The purpose of this submodel is to test the effectiveness of the five types of control activities and how this evaluation
affects the assessment of control risk. Control activities are the policies and procedures that help ensure that
necessary actions are taken to address risks to the achievement of the organization’s objectives (COSO, 2013; Arens
et al., 2014). As shown in figure 6, control activities include adequate segregation of duties, proper authorisation of
transactions and activities, adequate documents and records, safeguarding controls, and independent checks on
performance (Changchit et al., 2001a; Changchit et al., 2001b; Deshmukh, 2004; Arens et al., 2014). Figure 7
illustrates the PF of control procedures in more details.
4.8 The Submodel of Information and Communications
The purpose of this submodel is to evaluate the effectiveness of the accounting information and communication
system in initiating, recording, processing, and reporting the organization’s transactions and in maintaining
accountability for the related assets as well as how this evaluation affects the assessment of control risk. The
accounting information and communication system has several subcomponents (classes of transactions) and must
satisfy all of the six transaction-related audit objectives (occurrence, completeness, accuracy, posting and
summarization, classification, and timing) for each class of transactions (Arens et al., 2014). Information is necessary
for an organization to carry out internal control responsibilities to support the achievement of its objectives (COSO,
2013). So, management should have relevant and quality information to support the functioning of other internal
controls. Communication occurs both internally and externally and provides the organization with the information
needed to carry out day-to-day internal control activities. The auditor can use three procedures to evaluate the
information and communication: (1) relevant and quality information (2) internally communicates information (3)
communicates with external parties, in particular external auditors. Figure 8 illustrates the PF of information and
communications.
4.9 The Submodel of Walk-through of Significant Accounts
The purpose of this submodel is to evaluate the results of the tests of significant accounts and to test whether the
results of investigating the significant accounts support the low assessment of control risk (Ernst & Young, 2002;
Arens et al., 2014). Significant accounts include transactions with related parties, high amount transactions,
transactions affected by judgements (subjectivity), suspense accounts and changed accounts during the current period
(Wahdan, 2006). Figure 9 illustrates the PF of walk-through of significant accounts.

Published by Sciedu Press 10 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Was there proper authorization of transactions?

Was there separation of the custody of assets

from accounting?

Was there separation of authorization of

transactions from the custody of related assets?

Was there separation of operational responsibility

from record-keeping responsibility?

Was there separation of IT duties from the key

users duties?

Was there sequential and pre-numbering for

documents?

Was there timely preparation of documents?

Was there proper records-keeping?

Were there controls on data entry and

recording?

Was there safeguarding of assets and records and

Data?

Were there controls of access?

Were there effective supervision controls

by internal auditors or audit committee?

Did a lack of control have so material

effect on the internal control
effectiveness as a whole?

Investigation of controls procedures

supports the low level of CR

Investigation of controls
procedures does not support the
low level of CR

Figure 7: Investigation of control procedures

Published by Sciedu Press 11 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Does the organization have relevant, quality

information to support the functioning of internal
control? R.3.8.1

Does the organization internally communicate

information (objectives and responsibilities for
internal control) necessary to support the
functioning of internal control?

Does the organization communicate with

external parties about matters affecting the
functioning of internal control?

Information and communication support Information and communication do not

the low level of control risk support the low level of control risk

Figure 8: Information and communication R: Relation

Do the results of walk-through for a sample

of related party transactions prove the
controls’ effectiveness?

Do the results of walk-through for high

transactions size prove the controls’ effectiveness?

Do the results of walk-through for accounts

affected by judgments prove the controls’
effectiveness?

Do the results of walk-through for

suspense accounts prove the controls’
effectiveness?

Do the results of walk-through for

accounts changed during the period
prove the controls’ effectiveness?

Walk-through of significant accounts supports Walk-through of significant accounts does not

the low level of control risk support the low level of control risk

Figure 9: Walk-through of significant accounts

4.10 The Submodel of Tests of Controls

The purpose of this submodel is to evaluate whether the internal controls are designed and operated as contemplated
in the preliminary assessment of control risk (Arens et al., 2014) and to test whether the results of tests of controls
support the preliminary assessment of control risk (Arens et al., 2014). Tests of controls are procedures performed to
attain audit evidence regarding the appropriateness of (1) the design and (2) the effective operation of the accounting
and the internal control systems (IFAC, 2010). The auditor should obtain audit evidence through tests of controls to
support any assessment of control risk below the maximum. The lower the assessment of control risk, the more
support the auditor should obtain that internal controls are suitably designed and effectively operated. Figure 10
illustrates the PF of tests of controls.

Published by Sciedu Press 12 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Does the examination of the documents and

records prove the controls’ effectiveness?
No

Yes

Does the observation of the controls’

applications prove the controls’ effectiveness?
No
Yes

Does the reperformance some control activities

prove the controls’ effectiveness?
No

Yes

Do the confirmations prove the controls’

effectiveness?
No

Yes

Do the inquiries with client personnel prove

the controls’ effectiveness?
No
Yes
Tests of controls support the low level of Tests of controls does not support the low level
control risk of control risk

Figure 10: Tests of controls

4.11 The Monitoring Submodel

The purpose of this submodel is to evaluate the monitoring activities and how they can affect the assessment of
control risk (Arens et al., 2014). Monitoring activities deal with ongoing or periodic assessment of the quality of
internal control by management to determine that controls are operated as intended and that they are modified as
appropriate for changes in conditions (Fadzil et al., 2005; Arens et al., 2014; Owusu-Boateng et al., 2017). Ongoing
assessment (built into business processes) provides timely information. Period assessment will vary in scope and
frequency depending on assessment of risks, effectiveness of ongoing assessment, and other management
considerations. Findings are evaluated and deficiencies are communicated to the board of directors (COSO, 2013).
Figure 11 illustrates the PF of monitoring activities.

Published by Sciedu Press 13 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Does the organization perform ongoing or periodic

evaluations to ascertain whether the components of internal
control are present and functioning?

Does the organization determine the components

of internal control that are changed during the
period and their effects?

Does the organization evaluate and communicate

internal control deficiencies in a timely manner to
those parties responsible for taking corrective
actions?

Monitoring activities do not support the low

Monitoring activities support the low level
level of control risk
of control risk

Figure 11: Monitoring activities

5. Classroom Application
In this section the research question no.2 will be answered. An experimental setting was as follows. PFs were used in
the second level auditing course "Advanced Auditing" at one state university (Menoufia University) in Egypt (a
sample of 64 students participated in the experiment). The topic of the assessment of control risk was covered in the
auditing class using textbook, and then using PFs. The students were randomly divided into two groups. One group
was provided with PFs, the other was not. Both groups had accessed to lecture notes and textbook materials related
to the assessment of control risk.
Ten auditing test cases were designed in cooperation with a group of 34 auditors within seventeen audit firms in
Egypt. The auditors also provided the guidelines answers of the ten auditing test cases. The assignment of control
risk was distributed to all 64 students. The group with PFs (32 students) solved the ten test cases using lecture notes
and textbook materials as well as PFs, while the other group (32 students) solved the cases using lecture notes and
textbook materials only.
Table 1 provides the results of 64 students from Menoufia University. The 32 Menoufia students who did not use
PFs faced 320 (32 * 10) test cases; they solved 259 cases correctly resulting in 81%, while the students who used PFs
solved 304 cases out of 320 cases correctly, which is represented by 95%. Based on the observation and the
judgments of the ten auditing test cases, it may be concluded that the group who used PFs performed better than the
other group (see table 1). It is observed that the students who used PFs made fewer errors in the assessment of
control risk, and were faster in finalizing the assignment than the other group who did not use PFs. Furthermore, it is
remarked that the students’ knowledge in the auditing class was improved as we experienced from a discussion
afterwards (see below). Using PFs gives the students a hand-on experience dealing with the assessment of control
risk. Moreover, some professors from different Egyptian universities provide some feedback information regarding
PFs.
Table 1. Impact of PFs on Students’ Learning Performance - Menoufia University
Students who did not use PFs Students who used PFs
(% Correct) (% Correct)
N = 32 N=32
The Assignment (10 auditing test 81% 95%
cases)
To support the statements above some students and professors provide some feedbacks.

Published by Sciedu Press 14 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Professor 1: "The logic of the flowcharts for assessing the control risk is easy to understand and follow. They are
saving time to teach students how to assess the control risk".
Professor 2: "Flowcharts guide students to the required procedures to assess the control risk in accordance with
auditing standards and COSO requirements".
Professor 3: “Flowcharts are useful in practice as a tool for training students and novice auditors on how to assess the
control risk. If we want to improve or have more benefits from these flowcharts, we should: (1) apply flowcharts in
practical cases, (2) connect the flowcharts with CPA firms’ studies, and (3) use the flowcharts in all of our auditing
classrooms”.
Student 1: "PFs are excellent flowcharts. They enable us to understand which level of the control risk should be
assessed when the auditor faces different problems and cases during performing his work (audit). It is the first time
that I fully understand auditing in general and the assessment of control risk in particular".
Student 2: "From the first impression, I consider these flowcharts as complex flowcharts, however after I give them
my intention and concentration I found that they are high techniques to understand and remember the assessment of
control risk ".
Student 3: "From my point of view, these flowcharts are very important. They help us to understand the topic of
assessment of control risk".
6. Conclusion and Future Research
6.1 Conclusion and Contribution
This paper aimed at developing and testing the PFs that help educate students in the assessment of control risk. Two
main research questions examined in this paper are: (1) how can the PFs be developed to help students and novice
auditors assess the control risk? And (2) to what extent is using PFs effective as a tool to improve the education of
assessing the control risk? The knowledge is acquired (a) from the literature and (b) from experienced auditors. The
primary contribution of this paper is that the conceptual model of PFs is successfully designed and consists of eleven
submodels and ten PFs.
The conceptual model provides a vital contribution to the literature, and the application of it constitutes a new
educating method of auditing. As an aside the author would like to mention that from the validation process by the
respondents and interviewees as well as from an empirical test, it may be concluded that usage of PFs is an effective
tool to improve the auditing education. PFs developed in this paper are logical and easy to follow. Finally, the author
believes that organizing the training sessions by using the PFs is a good way to prepare students for a successful
career in auditing. Hence it is concluded that PFs are beneficial to the students; the students who used PFs
outperformed students who did not use them. Moreover, the PFs made the learning process of the assessment of
control risk more effective (see the students and professors’ feedbacks). The PFs developed in this paper have their
origins in both theoretical and practical settings. Yet, the goal is to use them for teaching purposes. The conceptual
model of PFs provides top management and external auditors with procedures used in the evaluation of the overall
effectiveness of the entity’s system of internal control. So, the conceptual model of PFs has important implications
for those responsible for implementing an effective internal control (managers), evaluating internal controls (external
auditors), teaching internal controls (professors) and learning internal controls (students). These practical flowcharts
enable students to gain experiential knowledge of the world he or she will participate in and face upon graduation, as
well as to have real world experiences in short time. To the best of the author's knowledge, this is the first study that
contributes to the literature by developing PFs as a tool for educating the control risk assessment.
6.2 Limitations and Future Research
This study is subjected to some limitations regarding generalizability of results since the sample size of students is
small and from one state university. In addition, designing test cases may be subjective. Future research should deal
with the impact of PFs on the learning process of novice auditors on the cases in a real auditing setting. Furthermore,
the PFs approach could be applied in the other classroom settings to generalise the results. Moreover, PFs may be
used as a basis for designing software for assessing the control risk.
Acknowledgement
The author would like to thank the reviewers and participants at 2017 International Conference on Computer
Auditing (ICAEA 2017) in London for their helpful feedback on earlier versions of this manuscript. Moreover, the
author gratefully acknowledges the helpful comments of the editor and both anonymous reviewers of AFR journal.

Published by Sciedu Press 15 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

References
Aldamen, H., Al-Esmail, R., & Hollindale, J. (2015). Does Lecture Capturing Impact Student Performance and
Attendance in an Introductory Accounting Course? Accounting Education, 24(4), 291–317.
https://doi.org/10.1080/09639284.2015.1043563
Amoah, N.Y., Anderson, A., Bonaparte, I. & Tang, A.P. (2017). Internal Control Material Weakness and Real
Earnings Management. Advances in Public Interest Accounting, 20, 1-21.
https://doi.org/10.1108/S1041-706020170000020001
Apostolou, B., Dorminey, J.W., Hassell, J.M. & Rebele, J.E. (2015). Accounting Education Literature Review
(2015). Journal of Accounting Education, 35, 20-55. https://doi.org/10.1016/j.jaccedu.2016.03.002
Arens, A.A., Elder, R.J., & Beasley, M.S. (2014). Auditing and Assurance Services: An Integrated Approach. 15th
Edition, Pearson Education Limited, England.
Asare, S.K. & Wright, A. (2012). The effect of Type of internal Control Report on users' Confidence in the
Accompanying Financial Statement Audit report. Contemporary Accounting research, 29(1), 152-175.
https://doi.org/10.1111/j.1911-3846.2011.01080.x
Boynton, W.C. & Johnson, R.N. (2006). Modern Auditing: Assurance Services and the Integrity of Financial
Reporting. 8th Edition, John Wiley & Sons Inc., USA.
Camp, J. M., Earley, C. E., & Morse, J. M. (2015). The Use of Alternative Quiz Formats to Enhance Students’
Experiences in the Introductory Accounting Course. Advances in Accounting Education, 17, 25–43.
https://doi.org/10.1108/S1085-462220150000017012
Changchit, C. (2003). The Construction of an Internet-Based Intelligent System for Internal Control Evaluation.
Expert System with Applications, 25, 449-460. https://doi.org/10.1016/S0957-4174(03)00069-1
Changchit, C., Holsapple, C.W., & Madden, D.L. (2001a). Supporting Manager's Internal Control Valuations: An
Expert System and Experimental Results. Decision Support Systems, 30, 437-449.
https://doi.org/10.1016/S0167-9236(00)00127-5
Changchit, C., Holsapple, C. W., & Viator, R.E. (2001b). Transferring Auditors’ Internal Control Evaluation
Knowledge to Management. Expert System with Applications, 20, 275-291.
https://doi.org/10.1016/S0957-4174(00)00066-X
Colbert, J.L. (2000). The Impact of the New External Auditing Standards. Internal Auditor, 57(6), 46-51.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2013). Executive Summary.
Curtis, M.B. & Hayes, T. (2002). Materiality and Audit Adjustments, The CPA Journal, (April). Available at:
www.nysscpa.org/cpajournal/2002/0402/dept/d046902.html/
Davis, J.T., Ramamoorti, S. & Krull, G.W. (2017). Understanding, Evaluating, and Monitoring Internal Control
Systems: A case and Spreadsheet Based Pedagogical Approach. AIS Educator Journal, 12(1), 59-68.
https://doi.org/10.3194/1935-8156-12.1.59
Defond, M.L. & Lennox, C. (2017). Do PCAOB Inspections Improve the Quality of Internal Control Audits. Journal
of Accounting Research, 55(3), 591-627. https://doi.org/10.1111/1475-679X.12151
DEO (2016). 2016-17 Internal Control Questionnaire and Assessment, Florida Department of Economic
Opportunity. Available at; www.floridajobs.org, accessed on January 2017.
Deshmukh, A. (2004). A Conceptual Framework for Online Internal Controls. Journal of Information Technology
Management, XV(3-4), 23-32.
Doyle, T.J., Ge, W. & McVay, S. (2007). Accruals Quality and Internal control Over Financial Reporting. The
accounting Review, 82(5), 1141-1170. https://doi.org/10.2308/accr.2007.82.5.1141
Ernst & Young (2002). Evaluating Internal Controls, Considerations for Documenting Controls at the process,
Transaction, or Application Level. Ernst & Young Accountants, Rotterdam, The Netherlands, Available at
http:// www.ey.com.
Fadzil, .H.F., Haron, H. & Jantan, M. (2005). Internal Auditing Practices and Internal Control System. Managerial
Auditing Journal, 20(8), 844-866. https://doi.org/10.1108/02686900510619683

Published by Sciedu Press 16 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Fanning, K. & Grant, R. (2017). Manual vs. Computerized practice Set: Which Achieves Learning Objectives the
Best? AIS Educator Journal, 12(1), 25-33. https://doi.org/10.3194/1935-8156-12.1.25
Feng, J. (2017). Research on Internal Control of accounting Information Systems in ERP Environment. Advances in
Social Science, Education and Humanities Research, 4th International Conference on Education, Management
and Computing technology, 101, ICEMCT 2017. https://doi.org/10.2991/icemct-17.2017.330
Feng, M., Li, C. & McVay, S. (2009). Internal Control and Management Guide). Journal of accounting and
Economics, 48(2-3), 190-209. https://doi.org/10.1016/j.jacceco.2009.09.004
Glover, H., & Werner, E. M. (2015). Teaching IFRS: Options for Instructors. Advances in Accounting Education, 16,
113–131. https://doi.org/10.1108/S1085-462220150000016006
Greenberg, R. K., & Wilner, N. A. (2015). Using Concept Maps to Provide an Integrative Framework for Teaching
the Cost or Managerial Accounting Course. Journal of Accounting Education, 33(1), 16–35.
https://doi.org/10.1016/j.jaccedu.2014.11.001
Groomer, S.M. & Heintz, J.A. (1999). Using Flowcharts to Teach Audit Reports: An Update. Journal of Accounting
Education, 17, 391-405. https://doi.org/10.1016/S0748-5751(99)00022-6
Guy, D.M., Carmichael, D.R., & Lach, L.A. (2003). Practitioner’s Guide to GAAS. John Wiley and Sons, Inc.,
Canada.
Han, S., Rezaee, Z., Xue, L., & Zhang, J.H. (2015). The Association between Information Technology Investments
and Audit Risk, Journal of Information Systems. Available at: http://dx.doi.org/10.2308/isys-51317, Accessed
on: 2/2/2016. https://doi.org/10.2308/isys-51317
Hwang, S., Shin, T., & Han, I. (2004). Internal Control Risk Assessment System Using Case-Based Reasoning.
Expert Systems, 21(1), 22-33. https://doi.org/10.1111/j.1468-0394.2004.00260.x
IFAC (2010). Handbook of International Auditing, Assurance, and Ethics Pronouncements. International Federation
of Accountants. Available at http:/www.ifac.org.
Institute of internal Auditors. (2008). Sarbanes-Oxley Section 404: A guide for management by internal Controls
practitioners. 2th edition, January
Institute of internal Auditors. (2011). Auditing the Control Environment. IPPF-Practice Guide, Available at:
www.theiia.org/guidance.
Ji, X., Lu, W. & Qu, W. (2017). Voluntary Disclosure of Internal Control Weakness and earnings Quality: Evidence
From China. The International Journal of Accounting, 52, 27-44. https://doi.org/10.1016/j.intacc.2017.01.007
Jackson, M., & Cossitt, B. (2015). Is Intelligent Online Tutoring Software Useful in Refreshing Financial
Accounting Knowledge? Advances in Accounting Education, 16, 1–19.
https://doi.org/10.1108/S1085-462220150000016001
Jiang, W., Rupley, K.H. & Wu, J. (2010). Internal Control Deficiencies and the Issuance of Going Concern Opinions.
Research in Accounting Regulation, 22, 40-46. https://doi.org/10.1016/j.racreg.2009.11.002
Khorwatt, E. (2015). Assessment of Business Risk and Control Risk in the Libyan Context. Open Journal of
Accounting, 4, 1-9. https://doi.org/10.4236/ojacct.2015.41001
KPMG (2013). COSO Internal Control – Integrated Framework (2013).
Krishnan, G.V. & Visvanathan, G. (2007). Reporting Internal Control Deficiencies in the post-Sarbanes-Oxley Era:
The Role of Auditors and Corporate Governance. International journal of auditing, 11, 73-90.
https://doi.org/10.1111/j.1099-1123.2007.00358.x
Lawson, B.P., Muriel, L. & Sanders, P.R. (2017). A survey on Firms' Implementation of COSO's 2013 Internal
Control-Integrated Framework. Research in Accounting Regulation, 29, 30-43.
https://doi.org/10.1016/j.racreg.2017.04.004
Lenard, M.J. (2003). Knowledge Acquisition and Memory Effects involving an Expert System Designed as a
Learning Tool for Internal Control Assessment. Decision Sciences Journal of Innovative education, 1, 23-38.
https://doi.org/10.1111/1540-5915.00003
Lenard, M.J., Petruska, K.A., Alam, P. & Yu, B. (2016). Internal Control Weakness and Evidence of Real Activities
Manipulation. Advances in Accounting, incorporating Advances in International Accounting, 33, 47-58.

Published by Sciedu Press 17 ISSN 1927-5986 E-ISSN 1927-5994

http://afr.sciedupress.com Accounting and Finance Research Vol. 7, No. 2; 2018

Li, C., Peters, G.F., Richardson, V.J. & Wastson, M.W. (2012). The Consequences of Information Technology
Control Weakness on Management Information Systems: The Case of Sarbanes-Oxley Internal Control Reports.
MIS Quarterly, 36(1), 179-203.
Locatelli, M. (2002). Good Internal Controls and Auditor Independence. The CPA Journal, (October), pp. 12-15.
Lopez, T.J., Vandervelde, S.D. & Wu, Y. (2006). The Auditor's Internal Control Opinions: An Experimental
Investigation of Relevance. ABC Conference and THE University of South Caroline, Columbia, pp. 1-27.
https://doi.org/10.2139/ssrn.905796
Marand, A.A. & Bayaz, M.L.D. (2015). Survey the Effect of the Computerized Accounting Systems on the Auditing
Risk Management. International Journal of Review in Life Sciences, 5(10), 607-618.
McNellis, C. J. (2015). Re-conceptualizing Instruction on the Statement of Cash Flows: The Impact of Different
Teaching Methods on Intermediate Accounting Students’ Learning. Advances in Accounting Education, 17,
115–144. https://doi.org/10.1108/S1085-462220150000017017
Munter, P. (2003). Evaluating Internal Controls and Auditor Independence under Sarbanes-Oxley. Financial
Executive, (October), 25-26.
O’Leary, D.E. (2003). Auditor Environmental Assessments. International Journal of Accounting Information
Systems, 4, 275-294. https://doi.org/10.1016/j.accinf.2003.09.001
Owusu-Boateng, W., Amofa, R. & Owusu, I.O. (2017). The Internal control Systems of GN Bank-Ghana. British
Journal of Economics, Management & Trade, 17(1), 1-17.
PCAOB (2004). An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of
Financial Statements. Washington, D.C., PCAOB Release 2004-001, PCAOB Rulemaking, Docket Matter
No.008.
PCAOB (2005), Risk Assessment in Financial Statement Audits. Available at: www.pcaobus.org, 1-38. Accessed on:
5/12/ 2015.
Romney, M.B. & Steinbart, P.J. (2015). Accounting Information Systems. Pearson Education Limited, 13th, London,
England.
Ryack, K. N., Mastilak, M. C., Hodgdon, C. D., & Allen, J. S. (2015). Concepts-based Education in a Rules-based
World: A Challenge for Accounting Educators. Issues in Accounting Education, 30(4), 251–274.
https://doi.org/10.2308/iace-51162
Wahdan, M.A. (2006). Automatic Formulation of the Auditor's Opinion. PhD Thesis, Maastricht University, The
Netherlands.
‫ــــــــــــــــــــــــ‬. (2013). A Knowledge-based System for Evaluating the Internal Controls over Financial Reporting. The
First International Conference on Accounting and Auditing, Faculty of Commerce - Beni Suef University, pp.
1-26.
Wahdan, M.A. & Herik, H.J. van den. (2011). Impact of a Practical Flowcharts Approach on Educating the Auditor’s
Opinion Formulation. The proceeding of the First International Conference: Emerging Research Paradigms in
business and social Sciences, Middlesex University, Dubai.
Wahdan, M.A., Spronck, P., Ali, H. F., Vaassen, E., & Herik, H.J. van den. (2009). Computer Producing a ‘Fair’
Auditor’s Report. The Proceeding of the Congress 18th IMDA, Tbilisi, Georgia, 293–300.
Zakaria, K.M. & Nawawi, A. (2016). Internal controls and Fraud-empirical Evidence from Oil and Gas Company.
Journal of Financial crime, 23(4), 1151-1168. https://doi.org/10.1108/JFC-04-2016-0021

Published by Sciedu Press 18 ISSN 1927-5986 E-ISSN 1927-5994